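<?php
// Bootstrap for the staff login page: starts the session, buffers output,
// loads the shared includes and remembers the submitted account name.
session_start();
ob_start();
// NOTE(review): presumably read by the included files to skip their own
// login gate on this page; confirm against lib.function.php / main.php.
define('NO_LOGIN_CHECK',true);

include_once("../inc/lib.function.php");
include_once "conn.php"; 
include_once "main.php"; 
delete_garbage_files_in_tmp_dir();

// Remember only the account name, and mark the cookie HttpOnly (7th argument)
// so page scripts cannot read it. The other arguments are setcookie() defaults.
if(!empty($_POST["username"])){ setcookie("username", $_POST["username"], 0, "", "", false, true);}

// The password is never written to a cookie: it would be stored in clear text
// in the browser and sent with every later request. Expire any password cookie
// that an earlier version of this page left behind.
if(isset($_COOKIE["password"])){ setcookie("password", "", time()-3600);}

?>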
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title> Bios 管理中心 </title>
<link href="../css/control2.css" rel="stylesheet" type="text/css" />
</head>
<body>
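	<?php
// Handles a submitted login form: validates the posted credentials, looks the
// account up in the `guanli` table, fills the session with the account's
// privilege flags, records the login in the `ip` table and redirects.
// Nothing happens when no username was posted (the form below is just shown).

$username = isset($_POST["username"]) ? trim(make_safe($_POST["username"])) : '';
$password = isset($_POST["password"]) ? trim(make_safe($_POST["password"])) : '';

// NOTE(review): $data is not defined in this file; presumably a timestamp set
// by one of the includes. Confirm.
$addtime = $data;
$ip = $_SERVER["REMOTE_ADDR"];

if ($username != "") {

    // Reject credentials containing % & < > | and stop here. The previous
    // per-character loops only echoed the alert and then carried on to the
    // database lookup, so the check never actually blocked a login.
    if (strpbrk($username, '%&<>|') !== false) {
        echo "<script>alert('您的 管理帳號 中含有非法字符，請重新輸入！');window.history.back();</script>";
        exit;
    }
    if (strpbrk($password, '%&<>|') !== false) {
        echo "<script>alert('您的 管理密碼 中含有非法字符，請重新輸入！');window.history.back();</script>";
        exit;
    }

    // NOTE(review): the query is built by string interpolation, so its safety
    // rests entirely on make_safe(), which is defined outside this file.
    // Verify that it escapes for SQL; when conn.php is moved off the removed
    // mysql_* extension, switch to prepared statements (mysqli or PDO).
    // NOTE(review): the submitted password is compared directly with the
    // `password` column, which suggests passwords are stored unhashed. Confirm,
    // and migrate to password_hash() / password_verify().
    $sql = mysql_query("select * from guanli where  username='$username'  and password='$password'");
    // A failed query returns false; treat that as "no matching account".
    $info = $sql ? mysql_fetch_array($sql) : false;

    if ($info) {
        // Accounts with no privilege flag set may not sign in at all.
        if ($info["box1"] == '0' && $info["box2"] == '0' && $info["box3"] == '0') {
            exit("not allowd to login");
        }

        // Issue a fresh session id on privilege change so that an id fixed
        // before login cannot be reused afterwards.
        session_regenerate_id(true);

        $_SESSION["username2"] = $info["username"];
        $_SESSION["mastereditname2"] = $info["mastereditname"];
        $_SESSION["editname2"] = $info["editname"];
        $_SESSION["mastersalename2"] = $info["mastersalename"];
        $_SESSION["salename2"] = $info["salename"];
        $_SESSION["name2"] = $info["name"];
        $_SESSION["id2"] = $info["id"];

        $_SESSION['PRI_ADMIN'] = $info["box1"];
        $_SESSION['PRI_EDIT'] = $info["box2"];
        $_SESSION['PRI_SALE'] = $info["box3"];

        // Record the successful login. Failed attempts are not recorded here.
        // NOTE(review): same string-built SQL caveat as the lookup above.
        $sql = "Insert Into ip (username,addtime,ip) Values('$username','$addtime','$ip')";
        $result = mysql_query($sql);
?>
 <?php if($_SESSION['PRI_ADMIN']==1 or $_SESSION['PRI_EDIT']==1){?>
<script language="javascript">
alert("恭喜您，登入成功！");window.location.href="blog-main.php";
</script>
<?php }?>
 <?php if( $_SESSION["PRI_SALE"]==1){?>
<script language="javascript">
alert("恭喜您，登入成功！");window.location.href="ad-sale-main.php";
</script>
<?php }?>
<?php
    } else {
        // Unknown account or wrong password: clear the session user name.
        $_SESSION["username2"] = "";
?>
<script language="javascript">
alert("對不起，您輸入的用護名稱或密碼錯誤！");window.location.href="index.php";
</script>
<?php
    }
}

?>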
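<?php
// SECURITY: the former "?admin=<fixed value>" branch has been removed. It
// compared a GET parameter with a constant hard-coded in this file and, on a
// match, filled $_SESSION["username2"] and $_SESSION["box11"] and redirected to
// ad-sale-main.php without any password check: an authentication bypass for
// anyone who learns the value (it travels in URLs, browser history, proxy and
// web-server logs). Sign-in must go through the credential check above.
// Follow-up for operators: review access logs for requests that carry an
// "admin" query parameter on this page, and treat the old value as disclosed.
?>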
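<?php
// Login form. The remembered account name comes from a client-controlled
// cookie, so it is HTML-escaped before being written into the value attribute.
// The password field is never pre-filled: echoing a stored password into the
// page would expose it in the markup and in any cached copy.
?>
<form name="form1" action="" method="post">
<div id="login">
<img src="images/logo.gif" width="239" height="51" />
  <h3>站務人員登入 </h3>
  <div class="login-line"></div>
  <div class="login-t-1">登入說明：</div>
  <div class="login-t-2">請輸入您的電子郵件位址與密碼</div>
  <div class="login-t-1">電子郵件：</div>
  <div class="login-t-2"><label for="textfield"></label>
    <input name="username" type="text" class="login-keyin" value="<?php echo isset($_COOKIE["username"]) ? htmlspecialchars($_COOKIE["username"], ENT_QUOTES, 'UTF-8') : ''; ?>"  /></div>
  <div class="login-t-1">登入密碼：</div>
  <div class="login-t-2"> <input name="password" type="password" class="login-keyin"  value="" /></div>
  <div id="login-1"><a href="#"><img onclick="document.forms[0].submit();return false;" src="images/login.gif" width="65" height="15" /></a></div>
</div>
</form>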
</body>
</html>